Ticket #6226 (closed: fixed)

Opened 2 years ago

Last modified 2 years ago

Newforms-admin escapes html tags when allow_tags is set

Reported by: michelts@gmail.com
Assigned to: jgelens
Milestone:
Component: django.contrib.admin
Version: newforms-admin
Keywords: nfa-blocker newforms admin auto escape allow_tags
Cc: michelts@gmail.com
Triage Stage: Ready for checkin
Has patch: 1
Needs documentation: 0
Needs tests: 0
Patch needs improvement: 0

Description

Newforms-admin applies autoescape to a function's output even when the function has the "allow_tags" attribute defined. There must be a way to output escape-aware content from functions to the admin interface in order to output HTML content.

Attachments

allow_tags_fix.diff (0.6 kB) - added by jgelens on 03/27/08 08:08:48.
patch

Change History

12/17/07 14:22:25 changed by SmileyChris

  • needs_better_patch changed.
  • needs_tests changed.
  • needs_docs changed.

You can probably achieve outputting html by just using mark_safe(). Perhaps the documentation needs to be updated to remove the allow_tags reference?

12/18/07 05:41:22 changed by michelts

No I can't :) See above:

from django.db import models
from django.utils.safestring import mark_safe
from django.contrib import admin

class Example(models.Model):
    name = models.CharField(max_length=100)  # CharField requires max_length
    def test(self):
        return mark_safe('<b>%s</b>' % (self.name))

class ExampleOptions(admin.ModelAdmin):
    list_display = ('name', 'test')

admin_site = admin.AdminSite()
admin_site.register(Example, ExampleOptions)

This should output the name in bold weight but this is not true for now. But I agree with you, allow_tags should not be available in favor of mark_safe or some SafeData subclass ;)

12/20/07 06:35:15 changed by michelts

I found my mistake, I need to set the "allow_tags" attribute even if I return a safe string. See above:

class Example(models.Model):
    name = models.CharField(max_length=100)  # CharField requires max_length
    def test(self):
        return mark_safe('<b>%s</b>' % (self.name))
    test.allow_tags = True

Maybe we should remove the allow_tags attribute?
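
An added example, not part of the ticket or of Django's own code: a plain-Python model of the behaviour discussed in the comment above, where a list_display callable with allow_tags = True has its output emitted without escaping. The names render_cell, bold_raw and bold_escaped and the Example stand-in are hypothetical; the sample name value is constructed. It shows why a field value interpolated into the markup has to be escaped before it is marked as allowed.

```python
from html import escape


def render_cell(obj, attr_name):
    """Hypothetical stand-in for the admin change-list cell rendering
    discussed in this ticket: the value is HTML-escaped unless the
    callable sets allow_tags = True, in which case it is emitted as-is."""
    attr = getattr(obj, attr_name)
    value = attr() if callable(attr) else attr
    if getattr(attr, "allow_tags", False):
        return str(value)  # trusted verbatim: no escaping happens here
    return escape(str(value))


class Example:
    """Plain-Python stand-in for the ticket's Example model."""

    def __init__(self, name):
        self.name = name

    def bold_raw(self):
        # Same shape as the method in the ticket: the field value is
        # interpolated into the markup without being escaped.
        return "<b>%s</b>" % self.name
    bold_raw.allow_tags = True

    def bold_escaped(self):
        # Escape the stored field value; only the literal <b> tags
        # written by the developer remain markup.
        return "<b>%s</b>" % escape(self.name)
    bold_escaped.allow_tags = True


def demo():
    # Constructed sample: a name value containing markup, as any user
    # allowed to edit the record could store it.
    row = Example("<script>alert(1)</script>")
    return {
        "name": render_cell(row, "name"),
        "raw": render_cell(row, "bold_raw"),
        "escaped": render_cell(row, "bold_escaped"),
    }


if __name__ == "__main__":
    for column, html_out in demo().items():
        print(column, "->", html_out)
```
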

03/27/08 08:08:48 changed by jgelens

  • attachment allow_tags_fix.diff added.

patch

03/27/08 08:11:09 changed by jgelens

Created a patch so that mark_safe doesn't have to be used explicitly. This conforms to the current documentation. This bug is already fixed in the trunk, but wasn't in the newforms-admin branch.

03/27/08 08:11:33 changed by jgelens

  • owner changed from nobody to jgelens.
  • status changed from new to assigned.
  • has_patch set to 1.

03/27/08 09:55:43 changed by brosner

  • stage changed from Unreviewed to Ready for checkin.

I was messing around with merging branches and noticed that trunk does this, but newforms-admin does not.

03/27/08 10:00:58 changed by brosner

  • keywords changed from newforms admin auto escape allow_tags to nfa-blocker newforms admin auto escape allow_tags.

03/31/08 16:06:56 changed by brosner

  • status changed from assigned to closed.
  • resolution set to fixed.

Ugh, the post commit hook is not closing tickets. This was fixed in [7394].

